Administering user accounts

Accessing other accounts with su(1M)

The su(1M) utility (for "superuser") can be used to switch over to another account temporarily. It is primarily used to access the root account, which is what it does when executed without an argument. Otherwise, it is used in this form:

su username

su prompts for the account password, and if it is correct, a Bourne shell is started under the other account. Transitions with su do not affect the login user ID (LUID), so login and audit records remain accurate.

If a dash (-) is present on the command line (su -), the environment for that user is set up (including login shell and home directory), making it essentially the same as logging in as that user. To exit the shell, enter exit or press <Ctrl>D; you are returned to your own account.

NOTE: You can configure su not to prompt for a password by setting PROMPT=NO in /etc/default/su. The invoking user, however, must still have appropriate privilege to execute su successfully. If this parameter does not exist or is set to anything other than NO, su prompts for a password when invoked and validates the password (if one is defined for the invoking user).
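The following script is an added example, not part of the original SCO documentation: it audits an /etc/default/su-style file for the PROMPT setting described in the NOTE above. The function names and the sample file contents are assumptions made for the example, and it strips whitespace around keys and values as a conservative auditing choice, since the page does not say how strictly su parses the file.

```shell
#!/bin/sh
# Added example (not SCO code): audit an /etc/default/su-style file for the
# PROMPT setting. Function names are hypothetical.

# Print every uncommented value assigned to KEY in FILE, one per line.
# Whitespace around key and value is stripped (conservative for auditing;
# the page does not state how strictly su itself parses the file).
su_default_values() {   # usage: su_default_values FILE KEY
    [ -r "$1" ] || return 0          # unreadable or absent: no values
    awk -v key="$2" '
        /^[ \t]*#/ { next }          # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Print "no-prompt" if any PROMPT line is exactly NO, otherwise "prompt"
# (parameter absent, file absent, or any other value, as the NOTE states).
su_prompt_state() {     # usage: su_prompt_state FILE
    if su_default_values "$1" PROMPT | grep -x 'NO' >/dev/null; then
        echo no-prompt
    else
        echo prompt
    fi
}

# One-line finding; exit status 1 when su would skip the password prompt.
su_audit() {            # usage: su_audit FILE
    state=$(su_prompt_state "$1")
    if [ "$state" = no-prompt ]; then
        echo "WARN $1: PROMPT=NO, su does not prompt for a password"
        return 1
    fi
    echo "OK $1: su prompts for a password"
}

# Constructed sample input, so the example runs without a UnixWare system.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'SULOG=/var/adm/sulog' ' PROMPT = NO' > "$sample"
su_audit "$sample" || echo "review which users have privilege to execute su"
rm -f "$sample"
```

On a live system, run su_audit /etc/default/su; a WARN result means access to other accounts through su rests entirely on who has privilege to execute it.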

Logging su(1M) usage

Use of the su(1M) command is logged in the file /var/adm/sulog like this:

   SU 07/08 22:32 + ttyp0 mavrac-root

The entry indicates the date, time, location, and name of the account using the command. The following information is logged if an entry for SULOG appears in /etc/default/su:


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004